A Guide for Newbies that are just starting out. This is a continuance of ratdance's old paper. This paper gives a lot of information on a broad range of subjects such as: history and theory behind hacking, wireless attacks, cryptography, OS's, OSI model, tcp/ip, protocols, et al. For more information go ahead and take a look for youself.

A simple common password list, derived from passwords that appear 100+ times out of the rockyou 32 million passwords list, generated via a series of sed scripts, awk, sort, and uniq. Twas unexpectedly fun in creating enjoy!

A Directory Traversal attack is a type of computer security exploit that involves the use of characters designed to induce a “traverse to parent directory” within a web server, to gain access to files or directories that would otherwise be restricted. The access granted by a Directory Traversal vulnerability may include any combination of the following basic permissions: Read, Write, Execute, and Delete.

Cross site scripting, commonly known by its acronym, XSS, is a type of computer security vulnerability that involves the injection of code into web pages by means of web applications. During the execution of an XSS attack, information from one entity, whe

Steganography is an ancient art of hiding information. Digital technology gives us new ways to apply steganographic techniques, including one of the most intriguing—that of hiding information in digital images.

This handy little utility assembles and sends custom ICMP, UDP, or TCP packets and then displays any replies. It was inspired by the ping command, but offers far more control over the probes sent. It also has a handy traceroute mode and supports IP fragme

The Windows NT and Windows 2000 Resource Kits come with a number of command-line tools that help you administer your Windows NT/2K systems. Over time, I've grown a collection of similar tools, including some not included in the Resource Kits. What set

TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows Server 2008, Vista, and XP, TCPView also reports the name of t

Information which should be protected is very often publicly available, revealed by careless or ignorant users. The result is that lots of confidential data is freely available on the Internet , if we know how to find it .

Penetration testing often focuses on individual vulnerabilities and services. This paper introduces a tactical approach that does not rely on exploiting known flaws. The first section of this paper covers information gathering and discovery techniques, wi

This document discusses in detail the common 'SQL injection' technique, as it applies to the popular Microsoft Internet Information Server/Active Server Pages/SQL Server platform. It discusses the various ways in which SQL can be 'injected'

The Uncommon SQL Injection white paper is, as promised by the title, virtually unlike any other SQL injection walk through on the web. This written lesson aims to not only provide a comprehensive reference, and to serve as a learning aid, but also to help

Practical SQL Injection bit by bit.
I hear you already thinking: yet another paper on SQL injection. In fact it is, but this time, the injection was a bit more tricky to exploit than usual. I though it deserved a short paper.

This is a tutorial on chaining proxies for the use of becoming more anonymous while online. There aren't enough tutorials online about this subject so I decided to make an attempt at writing one. Since it's on the subject, I included a section on

Netcat is a computer networking service for reading from and writing network connections using TCP or UDP. Netcat is designed to be a dependable “back-end” device that can be used candidly or easily driven by other programs and scripts.